tinba | 672548ff4ad14da8e0ffe43cd7323ee2a9b2e1c49db2b70b89d207a0d765cc08 | Triage

Sharing

General

Target

672548ff4ad14da8e0ffe43cd7323ee2a9b2e1c49db2b70b89d207a0d765cc08N.exe
Size

54KB
Sample

250204-wawzyavkbz
MD5

f5b6b173c7b1e3e08345135ce265ea80
SHA1

3c529ecff890428411393b73f5db35b79ed1c992
SHA256

672548ff4ad14da8e0ffe43cd7323ee2a9b2e1c49db2b70b89d207a0d765cc08
SHA512

c51efb69bd1376b514502e7cc9844667b02ddfff6cf42ce0af738f0c5301f25bc259307b7c579ae12e4b1979262d0663222eee131eae5dbe4a2cdeab8538d6d4
SSDEEP

768:f3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:P5tPusSRJDTlLTOpJiaDjts4gfFi2+A

Score

10^/10

tinba banker discovery persistence trojan

Malware Config

Targets

- Target
  
  672548ff4ad14da8e0ffe43cd7323ee2a9b2e1c49db2b70b89d207a0d765cc08N.exe
- Size
  
  54KB
- MD5
  
  f5b6b173c7b1e3e08345135ce265ea80
- SHA1
  
  3c529ecff890428411393b73f5db35b79ed1c992
- SHA256
  
  672548ff4ad14da8e0ffe43cd7323ee2a9b2e1c49db2b70b89d207a0d765cc08
- SHA512
  
  c51efb69bd1376b514502e7cc9844667b02ddfff6cf42ce0af738f0c5301f25bc259307b7c579ae12e4b1979262d0663222eee131eae5dbe4a2cdeab8538d6d4
- SSDEEP
  
  768:f3CCRtWM5usSRJDTlLTOpJiqRZNoCRtxihG1gfFNsHWP4jBS:P5tPusSRJDTlLTOpJiaDjts4gfFi2+A
Score

10^/10

tinba banker discovery persistence trojan
- Tinba / TinyBanker
  Banking trojan which uses packet sniffing to steal data.
  trojan banker tinba
- Tinba family
  tinba
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

tinbabankerdiscoverypersistencetrojan

behavioral2